Krebs On Security offers readers a behind-the-scenes look at an organized crime operation that uses stolen credit card numbers to purchase and launder high-end electronics.
Shady Reshipping Centers Exposed, Part I
There are dozens of businesses in the criminal underground engaged in merchandise laundering, known as “Drops for stuff” on cybercrime forums. The “drops” are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.
http://krebsonsecurity.com/2011/10/shady-reshipping-centers-exposed-part-i/
Krebs on Security
The TDSS botnet is the most sophisticated threat today, according to experts at Russian security firm Kaspersky Lab. First launched in 2008, TDSS is now in its fourth major version (also known as TDL-4). The malware uses a “rootkit” to install itself deep within infected PCs, ensuring that it loads before the Microsoft Windows operating system starts. TDSS also removes approximately 20 malicious programs from host PCs, preventing systems from communicating with other bot families.
Rent-a-Bot Networks Tied to TDSS Botnet
Krebs takes a closer look at a Russian individual who appears to have close ties to the TDSS operation.
Who’s Behind the TDSS Botnet?
TDL4 – Top Bot
http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot#5
Most often, TDL is planted on adult content sites, bootleg websites, and video and file storage services.
Krebs On Security
Brian Krebs recently wrote about an online service that was selling access to stolen credit and debit card data.
“The real news is that few of these fraud shops are secure enough to keep their stock of stolen data from being pilfered by thieves,” said Krebs.
A prime example is the shop mn0g0.su (“mnogo” is a transliteration of много, which means “many” in Russian). This online store, launched in January 2011, lets customers shop for stolen card data by bank issuer, victim ZIP code, and card type. A source who enjoys ruining criminal projects said he stumbled upon mn0g0.su’s back-end database by accident; the site was backing up its cache of stolen card data to a third party server that was wide open and unencrypted.
http://krebsonsecurity.com/2011/08/vendor-of-stolen-bank-cards-hacked/
Last month, cyber criminals stole $217,000 from the Metropolitan Entertainment & Convention Authority (MECA), a nonprofit organization.
Krebs On Security
Lea French, MECA’s chief financial officer, said the trouble began when an employee with access to the organization’s online accounts opened a booby-trapped email attachment containing password-stealing malware.
The attackers used MECA’s online banking credentials to add at least six people to the payroll who had no prior business with the organization. Those individuals, known as “money mules,” received fraudulent transfers from MECA’s bank account and willingly or unwittingly helped the fraudsters launder the money.
https://krebsonsecurity.com/2011/08/ethieves-steal-217k-from-arena-firm/